Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreih3qbbsxqlxayyzxxq4vqorgnfdjqwn7gdpyvttt6iynypzhp6cey",
    "uri": "at://did:plc:hrmcjdks6yqnd6blyz33hrp4/app.bsky.feed.post/3mhfk32xzocw2"
  },
  "path": "/2026/03/musings-on-digital-sovereignty/",
  "publishedAt": "2026-03-18T21:05:25.000Z",
  "site": "https://neilzone.co.uk",
  "textContent": "I’ve heard a lot about “digital sovereignty” recently.\n\nI’ve heard it mostly in connection with USA-based tech companies, big ones in particular.\n\nI am not aware of a clear, agreed, definition, but it seems to boil down to wanting control over (all? some of?) one’s digital systems. Or, at least, not depending on technologies which are controlled by people/organisations in other countries.\n\nBut I wonder how far the notion of “digital sovereignty” goes.\n\n## Am I “digitally sovereign”? Can I be “digitally sovereign”?\n\nTake me, for instance.\n\nI use almost exclusively Free software, which I run locally on my own hardware.\n\nNo-one can - short of hacking my systems - remove or limit the software that I use. No-one can lock me out, or delete my data.\n\nDoes that make me “digitally sovereign”?\n\nIf it does, that seems like a very shallow concept of sovereignty.\n\nSure, it is better than being subject to the whims of a SaaS provider. But I am still dependent on a whole range of other people, whose software I benefit from using. And the people who maintain that software. And the people who package that software. And the people who distribute that software. And so on.\n\nI, personally, could not expect to have control over anything but a tiny, tiny part of that.\n\nPerhaps I can never, realistically, be “digitally sovereign”?\n\n## Reliance on others is reality (for me, anyway)\n\nThese wonderful, generous people could be anywhere in the world. They are - most likely - all over the world.\n\nSo while I might have control over the software that I have already installed, I have no (realistic) control over updates, security patches, and the like.\n\nAnd while I might host everything myself, I have to get that software from _somewhere_.\n\nSometimes - often - it is from Debian’s repositories.\n\nSometimes, that is from people’s own code forges.\n\nAnd sometimes it is from Github. My Mastodon (glitch-soc) instance, for example. Were Github to stop hosting that code, or to stop me from accessing it, I’d either need to find another way to obtain it (to maintain patching/updates), or cease to run it.\n\nLet’s Encrypt is a USA-based organisation, so perhaps I should find another ACME TLS certificate provider…\n\nPerhaps viewing this from the perspective of me - just one person - is fundamentally flawed? Because _of course_ I am dependent on others - if I chose not to be so, I, and the vast majority of the population, would not be “digitally sovereign”, but rather digitally neutered.\n\nBut individuals are indeed vulnerable to the whims of third parties, just as much as governments or big businesses. In fact, perhaps more so, based on the number of software providers that I’ve seen switch from on-machine software to SaaS, and then proceed to screw over their customers with increasingly expensive subscriptions and lock-ins.\n\n## Is “digital sovereignty” about geographic borders?\n\nI wonder, to what extent geographic borders are relevant.\n\nDoes “digital sovereignty” require that a nation (or company? Or individual? not sure…) can support all its own software, hardware, routing, hosting requirements etc. solely by or with people and companies from within its own geographic borders?\n\nDoes it extend beyond supporting software, into only running software which is created within its regions?\n\nIf it does, then that sounds incredibly inefficient, with each country needing to develop its own operating system, its own applications etc. What a waste of effort, competing rather than collaborating.\n\nFrom an individual point of view, sure, placing my trust in a company in another country may not be a great idea, but is placing my trust in a company within my own country’s borders significantly better? I self-host for a reason.\n\nI could have the rug pulled out from under my feet by a _domestic_ provider, with just as great an impact as a _foreign_ provider.\n\nI question if I can be “sovereign” at all, if I am reliant on someone else.\n\nIf this is true, is geography-based “digital sovereignty” little more that digital xenophobia?\n\nPerhaps the principle of “digital sovereignty” only relates to governments, and others who have significant bargaining power.\n\n## Greater control, at greater cost?\n\nI’ve yet to see a good, solid indication of how “digitally sovereignty” is to be funded.\n\nYes, sure, an organisation might be spending a small fortunate on Microsoft’s services. They could indeed channel that money into a Free software alternative, and associated training.\n\nBut are they going to do so?\n\nI’ve seen press releases about “savings”, which suggests money not being spent, rather than that money being spent elsewhere.\n\nI imagine that, in reality, “digital sovereignty” would be a remarkably expensive undertaking. Perhaps more expensive than buying commodity services from overseas third parties.\n\nDigital sovereignty may come at _premium_ pricing, rather than being a cheaper alternative, and that money needs to come from somewhere.\n\n## Digital sovereignty beyond the tech\n\nAnd, beyond money, and beyond tech, there might be issues of incentivising local development (boosting local employment), removing tax breaks available to behemoth organisations, making laws comprehensible and applicable for small organisations with a cadre of lawyers and lobbyists, and so on.\n\nDigital sovereignty might be grounded in considerations of technology, but likely requires far, far broader thinking.",
  "title": "Musings on 'digital sovereignty'",
  "updatedAt": "2026-03-18T21:05:25.000Z"
}